Laptop theft is the most prevalent cause of the breach of health information affecting more than 500 people, according to the Health & Human Services Department, which last year began tracking data breaches by public and private healthcare organizations.

 

The fact that laptops are so easily stolen underscores the importance of physical security in the protection of health information, according to Adam Greene, senior health IT and privacy specialist in HHS’ Office for Civil Rights, which enforces the privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA).

Of the 189 records of data breaches affecting more than 500 individuals in the first year, 52 percent were from theft. About 20 percent were from unauthorized access and disclosure of protected information, while 16 percent were from loss, he said Nov. 10 at the mHealth Summit conference.

Laptops were involved in 24 percent of data breaches affecting more than 500 people and paper records were close behind at 22 percent. Desktop computers accounted for 16 percent of the breaches and portable devices such as smart phones accounted for 14 percent.

Green’s advice is to “encrypt, encrypt, and encrypt. The information remains protected to a significant degree,” he said, even when the device falls into the wrong hands.

While general identity theft has been on the increase, medical identity theft often has higher appeal in the digital thievery community, Green noted.  Medical identity theft can be used for the purpose of fraudulent billing for non-existent services.

“The going price of a medical ID, a Medicare number, is actually significantly higher than a Social Security number,” he said.

Medical identity theft can also have dire unintended consequence. “There’s someone else receiving medical services under your profile, and you may have the wrong blood type listed in your medical records, and the potential result of that could be fatal,” he said.